Fix debian 8/9 “curl: (60) SSL certificate problem: certificate has expired”

example error
curl -I https://www.google.com/

curl: (60) SSL certificate problem: unable to get local issuer certificate

.

.


test cURL .php script –https://smartslider.helpscoutdocs.com/article/2045–#confirm
<?php

// create curl resource

$ch = curl_init();



// set url 

curl_setopt($ch, CURLOPT_URL, "https://api.nextendweb.com/");



//return the transfer as a string 

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);



$errorFile = dirname(__FILE__) . '/curl_error.txt';

$out       = fopen($errorFile, "w");

curl_setopt($ch, CURLOPT_VERBOSE, true);

curl_setopt($ch, CURLOPT_STDERR, $out);



// $output contains the output string 

$output = curl_exec($ch);



curl_close($ch);

fclose($out);



echo "<h1>LOG</h1>";

echo "<pre>";

echo htmlspecialchars(file_get_contents($errorFile));

unlink($errorFile);

echo "</pre>";

if apt-get install –reinstall ca-certificates not work, try
wget --no-check-certificate -O - https://raw.githubusercontent.com/xenetis/letsencrypt-expiration/main/letsencrypt-expiration.sh | bash
 letsencrypt-expiration.sh
#!/usr/bin/env bash



if [[ $(lsb_release -sc) = "jessie" || $(lsb_release -sc) = "stretch" ]]; then

  apt-get install ca-certificates -y

  sed -i -e 's|mozilla/DST_Root_CA_X3.crt|#mozilla/DST_Root_CA_X3.crt|g' /etc/ca-certificates.conf

  sed -i -e 's|mozilla/ISRG_Root_X1.crt|#mozilla/ISRG_Root_X1.crt|g' /etc/ca-certificates.conf

  wget --no-check-certificate https://letsencrypt.org/certs/lets-encrypt-r3.pem -O /usr/local/share/ca-certificates/lets-encrypt-r3.crt

  wget --no-check-certificate https://letsencrypt.org/certs/isrgrootx1.pem -O /usr/local/share/ca-certificates/isrgrootx1.crt

  update-ca-certificates -f

fi

if [[ $(lsb_release -sc) = "buster" ]]; then

  apt-get update --allow-releaseinfo-change -y

  apt-get install ca-certificates -y

fi
–https://serverfault.com/a/1081021

but for me, this fixed –https://stackoverflow.com/a/31830614
cd /etc/ssl/certs/

wget --no-check-certificate https://curl.se/ca/cacert.pem

echo "cacert = /etc/ssl/certs/cacert.pem" > /root/.curlrc

echo "ca_directory = /etc/ssl/certs/" > /root/.wgetrc

vim /etc/php/7.0/fpm/php.ini

#edit curl.cainfo = "/etc/ssl/certs/cacert.pem"

#edit openssl.cafile="/etc/ssl/certs/cacert.pem"

service php7.0-fpm restart

service nginx restart

worked, test again with script .php above or cURL commandline
curl -I https://www.google.com

HTTP/1.1 200 OK

Content-Type: text/html; charset=ISO-8859-1

.

.

โพสใกล้เคียงที่ผู้คนนิยมอ่านต่อ

  1. Change Localtime and Update Linux
  2. วิธี SSH ข้ามเซิฟเวอร์โดยไม่ใส่รหัสผ่าน
  3. How to install mod_evasive (block DDoS Apache)
  4. How to Install mod_ruid2 on Debian 64bit DirectAdmin installed
  5. update OpenSSL on Debian & DirectAdmin

โพสแนะนำที่มีผู้คนกำลังอ่านอยู่


Blog | , , , ,
Line it!